Title: Secure transfer and use of secret material in a shared environment
Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer, and encrypted secret material is received in return. The encrypted secret material may include customer secret material encrypted under both the public vendor key and the public provider key. The encrypted secret material is imported into a trusted execution environment and decrypted there with the private provider and vendor keys. In this manner, a provider of cryptographic processes is never exposed to the customer's secret material: the material is decrypted and stored only within the trusted execution environment and is not accessible to the provider in unencrypted form. The provider may then receive instructions to perform cryptographic operations on behalf of the customer, and those operations are carried out by the trusted execution environment.
Publication number: US9141769(B1)    Publication date: 2015.09.22
Application number: US201313763033    Filing date: 2013.02.08
Applicant: Amazon Technologies, Inc.    Inventors: Hitchcock Daniel W.; Canavor Darren Ernest; Sethi Tushaar
Classification: H04L29/06; G06F21/10; H04L9/14    Main classification: H04L29/06
Agency: Thomas Horstemeyer, LLP    Agent: Thomas Horstemeyer, LLP
Main claim: 1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, comprising:
code that imports double encrypted secret material received from a customer client device into a trusted execution environment;
code that imports double encrypted revocation data received from the customer client device into the trusted execution environment, the double encrypted secret material and the double encrypted revocation data being respectively encrypted by public provider and public vendor keys;
code that extracts, by the trusted execution environment, vendor encrypted secret material from the double encrypted secret material by decrypting the double encrypted secret material with a private provider key;
code that extracts, by the trusted execution environment, secret material from the vendor encrypted secret material by decrypting the vendor encrypted secret material with a private vendor key;
code that extracts, by the trusted execution environment, revocation data from the double encrypted revocation data by decrypting the double encrypted revocation data with the private provider key and the private vendor key, wherein the revocation data defines at least one condition of validity for the secret material;
code that stores the secret material and the revocation data within the trusted execution environment;
code that receives an instruction to perform a cryptographic operation and an identifier of the secret material from the customer client device; and
code that performs, by the trusted execution environment, the cryptographic operation using the secret material based in part on the identifier of the secret material and the revocation data.
Address: Seattle WA US
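Worked example of the flow in claim 1, added here as an illustration; it is not code from the patent or from Amazon. The customer wraps secret material and revocation data first under the vendor public key and then under the provider public key; the trusted execution environment (a plain Go struct standing in for it) peels the provider layer, then the vendor layer, stores both items under an identifier, and performs an HMAC only while the revocation condition holds. The hybrid RSA-OAEP plus AES-256-GCM envelope, the blob layout, the HMAC-SHA256 operation and the revocation-data format (an 8-byte big-endian Unix deadline) are all assumptions of this example; the patent fixes none of them. Only Go standard-library packages are used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// envelopeEncrypt is one layer of hybrid encryption (this example's construction, not one
// the patent fixes): RSA-OAEP wraps a fresh AES-256-GCM key that protects the payload.
// Layout: [2-byte wrapped-key length][wrapped key][12-byte nonce][ciphertext||tag].
func envelopeEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	buf := make([]byte, 44) // 32-byte AES key followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // a 32-byte key cannot fail
	gcm, _ := cipher.NewGCM(block)
	out := make([]byte, 2)
	binary.BigEndian.PutUint16(out, uint16(len(wrapped)))
	out = append(append(out, wrapped...), nonce...)
	return gcm.Seal(out, nonce, plaintext, nil), nil
}

// envelopeDecrypt opens one layer; it fails unless priv matches that layer's public key.
func envelopeDecrypt(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 2 || len(blob) < 14+int(binary.BigEndian.Uint16(blob)) {
		return nil, errors.New("envelope truncated")
	}
	n := 2 + int(binary.BigEndian.Uint16(blob))
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob[2:n], nil)
	if err != nil || len(key) != 32 {
		return nil, errors.New("layer cannot be opened with this private key")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[n:n+12], blob[n+12:], nil)
}

// CustomerDoubleEncrypt is the customer-side step: vendor layer inside, provider layer outside.
func CustomerDoubleEncrypt(vendorPub, providerPub *rsa.PublicKey, data []byte) ([]byte, error) {
	inner, err := envelopeEncrypt(vendorPub, data)
	if err != nil {
		return nil, err
	}
	return envelopeEncrypt(providerPub, inner)
}

// TEE stands in for the trusted execution environment, the only party holding both private keys.
// Revocation data is assumed to be an 8-byte big-endian Unix time after which the secret is invalid.
type TEE struct {
	ProviderPriv, VendorPriv *rsa.PrivateKey
	secrets                  map[string][]byte
	notAfter                 map[string]time.Time
}

// Import removes the provider layer, then the vendor layer (the order claim 1 recites), and stores both items.
func (t *TEE) Import(id string, encSecret, encRevocation []byte) error {
	var plain [2][]byte
	for i, blob := range [][]byte{encSecret, encRevocation} {
		vendorEnc, err := envelopeDecrypt(t.ProviderPriv, blob)
		if err != nil {
			return err
		}
		if plain[i], err = envelopeDecrypt(t.VendorPriv, vendorEnc); err != nil {
			return err
		}
	}
	if len(plain[1]) != 8 {
		return errors.New("malformed revocation data")
	}
	if t.secrets == nil {
		t.secrets, t.notAfter = map[string][]byte{}, map[string]time.Time{}
	}
	t.secrets[id] = plain[0]
	t.notAfter[id] = time.Unix(int64(binary.BigEndian.Uint64(plain[1])), 0)
	return nil
}

// HMAC performs the requested operation by identifier, refusing once the validity condition fails.
func (t *TEE) HMAC(id string, msg []byte, now time.Time) ([]byte, error) {
	secret, ok := t.secrets[id]
	if !ok || !now.Before(t.notAfter[id]) {
		return nil, errors.New("unknown identifier or secret material no longer valid")
	}
	m := hmac.New(sha256.New, secret)
	m.Write(msg)
	return m.Sum(nil), nil
}
```

Usage: generate two RSA key pairs, call CustomerDoubleEncrypt on the secret and on the 8-byte revocation deadline with the two public keys, construct a TEE holding both private keys, Import both blobs under an identifier, and call HMAC with that identifier. The point to check is the separation the abstract relies on: the provider's private key alone opens only the outer layer and yields vendor-encrypted bytes, never the secret, and a blob wrapped in the wrong order is rejected at Import because the provider key cannot open a vendor-layer envelope.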